Posted to users@httpd.apache.org by Fabricio Luiz Machado <so...@yahoo.com.br> on 2006/06/23 19:57:30 UTC
[users@httpd] mod_redirect X POST Method
Hi all!
I have an application hosted in two servers:
https://server1.mydomain.com/app
https://server2.mydomain.com/app
The client has a system (not a browser) that must access the
application and send username and password through a POST method,
connecting at:
http://app.mydomain.com
The two servers above are responding for "app.mydomain.com", because I
have a DNS round-robin environment.
On both servers, I have a rewrite configuration:
on server1:
<VirtualHost xx.xx.xx.xx:80>
ServerName app.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC]
</VirtualHost>
on server2:
<VirtualHost xx.xx.xx.xx:80>
ServerName app.mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://server2.mydomain.com/app [L,R,NC]
</VirtualHost>
The rewrite has been working fine for years, but not in this case,
because the application is not receiving the POST information (username
and password).
Is there a workaround for this problem ?
Thanks !
Fabricio.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_redirect X POST Method
Posted by Joshua Slive <jo...@slive.ca>.
On 6/23/06, Fabricio Luiz Machado <so...@yahoo.com.br> wrote:
> Hi all!
>
> I have an application hosted in two servers:
>
> https://server1.mydomain.com/app
> https://server2.mydomain.com/app
>
> The client has a system (not a browser) that must access the
> application and send username and password through a POST method,
> connecting at:
>
> http://app.mydomain.com
>
>
> The two servers above are responding for "app.mydomain.com", because I
> have a DNS round-robin environment.
>
> On both servers, I have a rewrite configuration:
>
> on server1:
> <VirtualHost xx.xx.xx.xx:80>
> ServerName app.mydomain.com
> RewriteEngine On
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/(.*) https://server1.mydomain.com/app [L,R,NC]
> </VirtualHost>
>
> on server2:
> <VirtualHost xx.xx.xx.xx:80>
> ServerName app.mydomain.com
> RewriteEngine On
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/(.*) https://server2.mydomain.com/app [L,R,NC]
> </VirtualHost>
>
> The rewrite has been working fine for years, but not in this case,
> because the application is not receiving the POST information (username
> and password).
> Is there a workaround for this problem ?
This is a bad idea for a couple reasons. First, the initial POST will
be sent in-the-clear (unencrypted), so you've blown your security.
Second, browser handling of redirected POST requests is very uneven
and unreliable. For a full discussion, see:
http://ppewww.ph.gla.ac.uk/~flavell/www/post-redirect.html
According to his testing, you may have more success if you use R=307.
But it just isn't a good idea.
Joshua.
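
The two points made in the reply above, as an added example that is not part of the original messages: a loopback listener stands in for the port-80 VirtualHost and records what each hop receives when a client POSTs credentials and gets a 302 or a 307 back. Python's urllib plays the non-browser client, and the credentials, paths and the run_demo name are constructed for the demo; other HTTP clients may handle the redirect differently.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CREDS = b"username=alice&password=constructed-secret"  # constructed sample body

def run_demo(status):
    """POST CREDS to a plain-HTTP listener that redirects with `status`; return what each hop saw."""
    seen = []  # (method, path, body) for every request that reaches the server

    class Handler(BaseHTTPRequestHandler):
        def _handle(self):
            length = int(self.headers.get("Content-Length") or 0)
            seen.append((self.command, self.path, self.rfile.read(length)))
            if self.path == "/":                      # stands in for the port-80 vhost
                self.send_response(status)
                self.send_header("Location", "/app")  # stands in for the redirect target
            else:                                     # stands in for the application
                self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_GET = do_POST = _handle
        def log_message(self, *args):                 # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
    try:
        opener.open(urllib.request.Request(url, data=CREDS), timeout=5).close()
        outcome = "followed"
    except urllib.error.HTTPError as err:
        outcome = "refused %d" % err.code  # urllib does not re-send a POST on 307
        err.close()
    finally:
        server.shutdown()
        server_close = server.server_close()
    return outcome, seen

if __name__ == "__main__":
    for status in (302, 307):
        print(status, *run_demo(status), sep="\n  ")
```

In both runs the first hop receives the full credential body over plain HTTP before any redirect is issued; with 302 the follow-up request arrives as a GET with an empty body, and with 307 this client stops instead of re-sending the POST.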